On July 16, 2020, the CJEU invalidated the EU-US Privacy Shield agreement (which was adopted in 2016 by the European Commission following the invalidation of the “Safe Harbor”) in an effort to make the transfer of EU citizens’ data to the United States safe and secure.
#ECJ: the Decision on the adequacy of the protection provided by the EU-US Data Protection Shield is invalidated, but @EU_Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries is valid #Facebook #Schrems pic.twitter.com/BgxGAvuq3T
— EU Court of Justice (@EUCourtPress) July 16, 2020
Last week, on July 16, a complaint brought against Facebook Ireland by Austrian national Maximillian Schrems prompted the ruling. It was determined that the scope and pervasiveness of the US surveillance framework does not allow enough protection for European citizens’ data, thus violating rights granted to citizens under the EU GDPR regulation.
Can you still transfer personal data to the US?
If you previously used the SCCs for your transfers, the law has not changed.
The CJEU ruled that the EU-U.S. Privacy Shield is to be invalidated. In turn, the court ruled that the system of Standard Contractual Clauses (SCCs) which allows for data transfers from the EU to third countries, is valid.
How will it affect 2Checkout merchants?
As a merchant, you may be wondering about the impact of this ruling and you may have questions about the whole process. As your trusted commerce partner, we’ll continue supporting you through all regulatory updates, and today we want to inform you that our business relationship continues to rely on SCC.
We remind you that you can always find up-to-date information on 2Checkout data flows by reviewing our terms and conditions at https://www.2checkout.com/legal/terms/ and our service agreement at https://secure.2checkout.com/cpanel/services_agreement.php.
Our terms of service and agreements provide our customers with overlapping protections under both the Standard Contractual Clauses and Privacy Shield frameworks for data transfers.
2Checkout has a thorough and rigorous process for choosing our suppliers. Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, or verification that the recipient adheres to the EU-US and Swiss-US Privacy Shield Framework. We are also PCI DSS (Payment Card Industry Data Security Standard) certified so we can ensure that sensitive cardholder data is handled safely.
2Checkout has always been and continues to be committed to the security of personal information, and complying with top standards is just one example of the constant efforts and investments we make for the security of our commerce platform.
We will continue to monitor the latest updates and developments and will announce compliance actions as soon as final guidelines become available.